Symbian Platform Security Breached!

Manko over at Symbaali has made a groundbreaking post! It explains how to ‘hack’ the Symbian directories that have been locked down until now.

The hack involves intercepting the firmware downloaded by Nokia Software Updater (NSU), modifying it, and then flashing it to the device using NSU itself. Pretty neat. Antony Pranata, a Forum Nokia Champion, has verified the hack and it really works!

Take a firmware update package (currently only Nokia's S60 phones are supported).

Edit a well-isolated part of it: the list of capabilities (i.e. rights) that a user can grant to a third-party application upon installation. Remove existing capabilities and add new ones.

Flash it.

The result is a phone that lets you grant any rights to any third-party application, enabling it to do basically anything on the device. The end user gets more control over the applications that reside on the phone. The biggest implication of the hack concerns cracked applications, among other things.

Modding a SIS is easy too: extract a signed SIS file, modify the rights the application has, re-pack and sign it again, and finally install it.

I’m sure Nokia will patch this loophole sooner rather than later, but this has once again shown that no one and nothing is infallible! For the benefit of those of you worried about viruses or other malware: you needn’t worry, as this procedure cannot be carried out without your knowledge, and the NSU hack is something you would have to perform yourself. Rest assured there is no need to go and buy anti-virus software because of this. Cheers!

18 thoughts on “Symbian Platform Security Breached!”

So far I’ve managed to get the swipolicy file to accept the changes – looks like Nokia have modified the NSU a tad, it now downloads the firmware every time rather than just pick up the old files off the drive. It’s still easy to bypass, literally just need to paste the modified file once it finishes downloading the new firmware, and just prior to the update.

The big problem is finding elftran.exe – I have downloaded somewhere close to 500 megabytes of SDKs from the developer site, but still no luck. Damned elusive executable.

Just a small update for anyone reading – found elftran in the SDK downloaded from the nokia development site, specifically S60_3rd_Ed_SDK_FP2_Beta_b.zip. Have tweaked the capabilities for a bunch of applications such as image viewers, audio apps, and file browsers – the method works pretty much as advertised, though I skipped the whole DD thing and used a hex editor on the firmware file instead.

I modified a few image viewers initially so that I might find the operator logo more easily, rather than plugging through a few thousand directories with a file explorer by hand. After that I found a few more nefarious uses such as hiding some ‘not safe for work’ pictures in places that are not looked in by default.

Interestingly it looks like it’s possible to extract some of the built in apps and elevate their capabilities too.

I have tried on an E60 yesterday night, trying different changes (some with AllFiles, some with the full list, following the comments here and there).
In the end, I always end up with a CORRUPT file, even when installing a “normal” / “standard” app that always worked.

Yup, had this problem myself. The way to overcome it is to pad out any left-over space in the swipolicy.ini file – I did this at first with 0x00 – failed, then 0x20 – failed. Both kept giving me the ‘File Corrupt’ message.

What eventually worked for me every single time was to just pad out any remaining space with 0d 0a.
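
A defender-side integrity check for the policy file that the post and the padding comment above describe, as an added example that is not from the original post or any commenter: it flags a user-grantable capability list that has been widened with high-privilege capabilities and the size-preserving CRLF padding. The `Key = value` layout and the `UserCapabilities` / `AllowUnsigned` key names are assumed, and both sample blobs are constructed, not real firmware.

```python
import re

# Capabilities S60 normally lets the end user grant at install time (assumed baseline).
USER_GRANTABLE = {"NetworkServices", "LocalServices", "ReadUserData",
                  "WriteUserData", "UserEnvironment"}
# Capabilities reserved for higher signing tiers; a user-grantable list that
# contains them is exactly the modification the post describes.
HIGH_PRIVILEGE = {"AllFiles", "TCB", "DRM", "CommDD", "DiskAdmin", "NetworkControl",
                  "MultimediaDD", "SwEvent", "ProtServ", "PowerMgmt"}

# Constructed samples (not real firmware): a stock-looking policy, and one that was
# widened and then padded with CRLFs so its byte length stays (almost) the same.
CLEAN_SAMPLE = (b"AllowUnsigned = false\r\n"
                b"AllowGrantUserCapabilities = true\r\n"
                b"UserCapabilities = NetworkServices LocalServices ReadUserData "
                b"WriteUserData UserEnvironment\r\n")
TAMPERED_SAMPLE = (b"AllowUnsigned = true\r\n"
                   b"AllowGrantUserCapabilities = true\r\n"
                   b"UserCapabilities = NetworkServices AllFiles TCB\r\n")
TAMPERED_SAMPLE += b"\r\n" * ((len(CLEAN_SAMPLE) - len(TAMPERED_SAMPLE)) // 2)


def parse_policy(data: bytes) -> dict:
    """Parse 'Key = value' lines; lines without '=' (blank lines, padding) are skipped."""
    policy = {}
    for line in data.decode("ascii", errors="replace").splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            policy[key.strip()] = value.strip()
    return policy


def audit_policy(data: bytes) -> list:
    """Return findings for a swipolicy.ini blob; an empty list means nothing suspicious."""
    findings = []
    policy = parse_policy(data)
    caps = set(policy.get("UserCapabilities", "").split())
    if caps & HIGH_PRIVILEGE:
        findings.append("high-privilege capabilities made user-grantable: "
                        + ", ".join(sorted(caps & HIGH_PRIVILEGE)))
    if policy.get("AllowUnsigned", "false").lower() == "true":
        findings.append("AllowUnsigned is true: unsigned SIS files would install")
    # The comments report that CRLF padding is what keeps the modified file accepted,
    # so a long run of empty CRLF lines at the end is itself a signal.
    run = re.search(rb"(?:\r\n){3,}\Z", data)
    if run:
        findings.append(f"trailing padding: {len(run.group()) // 2 - 1} empty CRLF lines")
    return findings
```

Run `audit_policy` over a policy extracted from a downloaded firmware image and compare the result against the stock image; a clean file yields no findings.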

Sorry to post so much. Even if Nokia update the firmware and figure out a solution that prevents people messing with NSU, the same process also works using Phoenix. This cat is out of the bag for good.